Linked by David Adams on Tue 12th Jul 2011 19:08 UTC, submitted by HAL2001
Privacy, Security, Encryption

ACROS Security has discovered a vulnerability in Sun Java, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading an executable file in an insecure manner when an out of memory condition occurs.
More details, please
by f0dder on Tue 12th Jul 2011 19:45 UTC

There's not a lot of info in the post.

Is there a problem in the jar or .class loader, which when presented with invalid input results in out-of-memory and arbitrary code execution?

Or do you need to load an applet which can then trigger the OOM+Execution?

There's quite a difference - #1 could be really bad, #2 would require the user clicking the "yeah, rape me" button to load the (probably unsigned) applet first.

Reply Score: 1